From a6318fd2985e03aa0540becfbf800be983460c04 Mon Sep 17 00:00:00 2001
From: Steven Moreland
Date: Tue, 31 Aug 2021 17:58:15 -0700
Subject: native handle - fix ubsan abort missing bounds check
Fixes: 197919958
Test: hidl_test (while manually triggering ubsan)
Change-Id: I0234f56f0649b7bafec6f4e33509a93a3c739221
---
 Parcel.cpp | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/Parcel.cpp b/Parcel.cpp
index adafaab..6c7effa 100644
--- a/Parcel.cpp
+++ b/Parcel.cpp
@@ -1464,8 +1464,8 @@ status_t Parcel::readNullableNativeHandleNoDup(const native_handle_t **handle,
 return status;
 }
- if (nativeHandleSize < sizeof(native_handle_t)) {
- ALOGE("Received a native_handle_t size that was too small.");
+ if (nativeHandleSize < sizeof(native_handle_t) || nativeHandleSize > std::numeric_limits::max()) {
+ ALOGE("Invalid native_handle_t size: %" PRIu64, nativeHandleSize);
 return BAD_VALUE;
 }
-- 
cgit v1.2.3
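Review bot: The upper bound added to the `if` only rejects a `nativeHandleSize` that does not fit the type given to `std::numeric_limits` (its template argument is not legible on this page), so any received size below that type's maximum still passes this check. If nothing later in the function caps it, the bound could be the largest well-formed handle instead, for example `nativeHandleSize > sizeof(native_handle_t) + (NATIVE_HANDLE_MAX_FDS + NATIVE_HANDLE_MAX_INTS) * sizeof(int)`, which rejects oversized values before they are used as a length. The body of `readNullableNativeHandleNoDup` continues outside the hunk, so whether `numFds`/`numInts` are validated against the size further down cannot be confirmed from here. The commit changes only these two lines, so it is also worth confirming that `Parcel.cpp` already includes `<limits>` and `<inttypes.h>` directly, since the new code depends on `std::numeric_limits` and `PRIu64`.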